The Windows Client Installation Package
The installation package consists of two components:
• The signed EkranSystemClient.exe installation file.
NOTE: For SaaS deployments, instead of the EkranSystemClient.exe file, the EkranSystemClient.msi file type is used.
• The EkranSystemClient.ini text configuration file that contains the Application Server address to which the Client will connect, as well as the Client configuration.
The table below lists most of the Windows Client installation parameters. If any parameter except RemoteHost is missing or invalid, its value will be set to the default.
Parameter | Description | Default Value |
Server Name / IP Address | ||
RemoteHost | The name or IP address of the computer on which the Application Server is installed. This parameter may contain multiple names and IP addresses, separated by commas or semicolons. NOTE: The Application Server IP address has to be static for Clients to connect to it successfully. Unique external IP addresses should be used for cloud-based Application Servers. | No |
RemotePort | The Ekran System Application Server port via which the Clients connect to the Application Server. | 9447 |
Frequency Settings for User Activity Recording | ||
EnableActivity | Recording user activity and screen captures when the active window is changed (1 = enabled; 0 = disabled). | Enabled |
EnableWndNmChanges | Recording user activity and screen captures when the window name is changed (1 = enabled; 0 = disabled). | Enabled |
EnableKBandMouse | Recording user activity and screen captures on clicking and key pressing (1 = enabled; 0 = disabled). | Enabled |
EnableTimer | Recording user activity and screen captures with a certain time interval (1 = enabled; 0 = disabled). | Disabled |
Timer | The time interval for recording user activity and screen captures in seconds. This period cannot be less than 30 seconds. This parameter is required if the EnableTimer parameter is set. | 30 |
Screen Capture Settings | ||
EnableScreenshotCreation | Recording screen captures along with user activity (1 = enabled; 0 = disabled). | Enabled |
EnableCaptureActiveWindowOnly | Screen captures and metadata recorded will contain information on the active window only (1 = enabled; 0 = disabled). | Disabled |
ColorDepth | The color scheme used for recording screen captures (7 = 4 bits (grayscale), 8 = 8 bits, 16 = 24 bits). | 7 (4 bits (grayscale)) |
Monitoring Parameters | ||
EnableClipboardMon | Logging of copy and paste operations (1 = enabled; 0 = disabled). | Enabled |
EnableSystemIdleDetect | System idle event detection (1 = enabled; 0 = disabled). | Enabled |
EnableIdleForceTimeout | Registering an idle event when the user is inactive (1 = forced idle event timeout is enabled; 0 = disabled). | Enabled |
IdleForceTimeout | The time interval when the user is inactive. This period cannot be less than 5 minutes. | 15 |
EnableSwiftUsernameMonitoring | Logging of user names used to log in to the SWIFT network (1 = enabled; 0 = disabled). NOTE: This parameter works only if EnableScreenshotCreation=1. | Disabled |
Keystroke Monitoring Parameters | ||
EnableKeystrokes | Logging of keystrokes (1 = enabled; 0 = disabled). | Enabled |
StartSessionOnKeyword | Starting monitoring on detection of a suspicious keyword in keystrokes (1 = enabled; 0 = disabled). | Disabled |
Keywords | The list of keywords which if typed triggers a session to start, separated by commas (e.g. drugs,medicine). Keywords are combined with OR logic; the LIKE operator is applied to the keywords typed (if “drug” is written, then “drugstore” will trigger a session to start). | Empty |
KeystrokeFiltering | Keystroke filtering during monitoring. If the value is “disabled”, keystroke filtering is disabled and all applications are monitored. If the value is “include”, keystroke filtering is enabled in Include mode, and only applications listed in KeystrokeFilteringAppNames or KeystrokeFilteringAppTitles are monitored. If the value is “exclude”, keystroke filtering is enabled in Exclude mode, and only applications not listed in KeystrokeFilteringAppNames or KeystrokeFilteringAppTitles are monitored. | Disabled |
KeystrokeFilteringAppNames | The list of application names, separated by commas (e.g. word.exe,skype.exe). Names are combined with OR logic; the LIKE operator is applied to names (e.g. if “word.exe” is written then winword.exe will be monitored). | Empty |
KeystrokeFilteringAppTitles | The list of application activity titles, separated by commas (e.g. Facebook,Google). Names are combined with OR logic; the LIKE operator is applied to the application activity titles (if “Facebook” is written, then Facebook messages will be monitored). | Empty |
Log Files | ||
MonLogging | The creation of monitoring logs on the Client computer. If the value is 0, the creation of monitoring logs is disabled; if the value is 1, a monitoring text log will be created in the LogPath location. | Disabled |
LogPath | The path to the location of the monitoring log files. Using environment variables (%appdata%, %temp%, etc.) is allowed. | C:\ProgramData\Ekran System\MonLogs |
EventLoggingEnabled | Logging of Ekran System events, such as errors, warnings, and informational messages to the Windows Event Log (1 = enabled; 0 = disabled). | Disabled |
LogLevelThreshold | The severity level of the log entries to be saved to the Windows Event log. If the value is 0, only log entries at the Error level are written; if the value is 1, log entries at Error and Warning levels are written; if the value is 2, log entries at Error, Warning, and Information levels are written. NOTE: This parameter works only if EventLoggingEnabled=1. | Disabled |
URL Monitoring | ||
URLMonitoring | Monitoring of URLs (1 = enabled; 0 = disabled). | Enabled |
MonitorTopDomain | Monitoring of top and second-level domain names (1 = enabled; 0 = disabled). NOTE: This parameter works only if URLMonitoring=1. | Enabled |
Application Filtering | ||
FilterState | Application filtering during monitoring. If the value is “disabled”, application filtering is disabled and all applications, active window titles, and URLs are monitored. If the value is “include”, application filtering is enabled in Include mode, and only applications, active window titles, and URLs listed in FilterAppName or FilterAppTitle are monitored. If the value is “exclude”, application filtering is enabled in Exclude mode, and only applications, active window titles, and URLs not listed in FilterAppName or FilterAppTitle are monitored. | Disabled |
FilterAppName | The list of application names, separated by commas (e.g. word.exe,skype.exe). Names are combined with OR logic; the LIKE operator is applied to names (e.g. if word.exe is written then winword.exe will be monitored). | Empty |
FilterAppTitle | The list of active window titles and URLs, separated by commas (e.g. “Facebook,Google). Names are combined with OR logic; the LIKE operator is applied to the active window titles and URLs (if “Facebook” is written, then “Facebookmessages” will be monitored). | Empty |
User Filtering | ||
UserFilterState | User filtering during monitoring. If the value is “disabled”, the activity of all users is monitored. If the value is “include”, user filtering is enabled in Include mode, and only the activity of users listed in UserFilterNames is monitored. If the value is “exclude”, application filtering is enabled in Exclude mode, and only the activity of users not listed in UserFilterNames is monitored. | Disabled |
UserFilterNames | A list of user names, separated by semicolons (e.g. work\jane;work\john). Names are combined with OR logic. Using an asterisk (*) as a name/domain wildcard is allowed (e.g. *\administrator or *\admin*). | Empty |
Additional Options | ||
EnableProtectedMode | The mode of Client operation (1 = Protected mode is enabled; 0 = disabled). | Disabled |
UpdateAutomatically | Client Update mode. If the value is 1, automatic Client update is enabled; if the value is 0, it is disabled and the Client requires a manual update. | Enabled |
DisplayClientIcon | Displaying of the Client tray icon. If the value is 1, the Client tray icon is displayed; if the value is 0, it is hidden. | Disabled |
OfflineClientDetection | Notification about Clients being offline for more than a specified time period (i.e. "disconnected"). If the value is 1, offline Client detection is enabled; if the value is 0, it is disabled. | Disabled |
OfflineClientDetectionInterval | The time period after which the Client will be considered as "disconnected". | 01d00h00m |
OfflineClientNotificationEmail | The list of email addresses to which notifications will be sent, separated by semicolons. | Empty |
Monitoring Time Filtering | ||
MonitorTimeFilterState | Filtering the time of recording user activity. If the value is “disabled”, user activity is recorded 24/7. If the value is “include”, user activity is recorded only on days defined in MonitoringDays and only during hours defined in MonitoringHours. If the value is “exclude”, user activity is not recorded on days defined in MonitoringDays and during hours defined in MonitoringHours. | Disabled |
MonitoringDays | The days of the week during which the Client will or will not record users' activity. The days of the week are combined by OR logic. | Mon, Tue, Wed, Thu, Fri |
MonitoringHours | The hours during which the Client will or will not record users' activity. | 8:00 – 18:00 |
Remote Host IP Filtering | ||
IPFilterState | Remote host IP filtering during monitoring. If the value is “disabled”, remote sessions from all IP addresses are monitored. If the value is “includePublic”, remote host IP filtering is enabled in Include mode, and only remote sessions from public IP addresses listed in IPFilterAddresses are monitored. If the value is “excludePublic”, remote host IP filtering is enabled in Exclude mode, and only remote sessions from public IP addresses not listed in IPFilterAddresses are monitored. If the value is “includePrivate”, remote host IP filtering is enabled in Include mode, and only remote sessions from private IP addresses listed in IPFilterAddresses are monitored. If the value is “excludePrivate”, remote host IP filtering is enabled in Exclude mode, and only remote sessions from private IP addresses not listed in IPFilterAddresses are monitored. | Disabled |
IPFilterValue | The list of IP addresses, separated by commas (e.g. 10.100.0.1,10.100.0.2). IP addresses are combined with OR logic. Using an asterisk (*) as a wildcard is allowed (e.g. 10.200.*.*). | Empty |
Authentication Options | ||
NotificationMessage | The message that is displayed when a user logs in to the system. | Disabled |
EnableNotificationComment | An additional option that requires the user to comment on an additional message displayed when logging in to the system (1 = enabled; 0 = disabled). | Disabled |
RequireTicketNumber | An additional option that requires the user to enter a valid ticket number from an integrated ticketing system to start working with the Client computer (1 = enabled; 0 = disabled). | Disabled |
Two-Factor and Secondary Authentication | ||
EnableForcedAuth | Additional identification of users that log in to the Client with the server operating system installed on it (1 = enabled; 0 = disabled). | Disabled |
EnableOneTimePassword | An additional option that allows the user to request a one-time password to get temporary access (1 = enabled; 0 = disabled). | Disabled |
EnableTwoFactorAuth | An option that requires the user to enter a time-based one-time password to log in (1 = enabled; 0 = disabled). | Disabled |
Advanced Options | ||
InstallDir | The path to the Client installation folder. Using environment variables (%appdata%, %temp%, etc.) is allowed. | %ProgramFiles%\Ekran System\Ekran System |
LocalCacheLimit | The size of the Client offline data cache in MB. | 500 |
TenantKey | A unique identifier used by Clients to detect the tenant they belong to. NOTE: In Multi-Tenant mode, the tenant key of each tenant is displayed in the Management Tool (on the Tenant Management page). | <Key value> of the built-in default tenant. |